The Crystal Programming Language Forum

Multiple cookies with the same name

So I was working on better supporting Cookies in Athena responses and noticed that the current HTTP::Cookies type doesn’t support cookies with the same name, but different path/domains. This is because the internal hash is only keyed by the cookies name, when it should really be [domain][path][name].

I check to see how other langs handle this:

I’m not sure how common this is, but would be pretty simple to support so :man_shrugging:.

Thoughts?

2 Likes

Ok so I started messing around with an implementation for this and are some aspects that I didn’t think about that are going to make it trickier to implement.

  • #each method to get an Iterator
    • It’s not as simple as like @cookies.each_value anymore. Would probably want to make use of Iterator.chain consisting of an iterator for each [domain][path] hash
  • #to_h wouldn’t support multiple names
    • Technically would be a breaking change as it’ll no longer be a 1D hash
  • Prob some other stuff I didn’t run into yet.

I’m happy to continue figuring this out and make a PR, but think it would be worth seeing if this is something that is actually wanted first.

I suppose it makes sense. Although actual use cases might be a bit rare. So not 100% sure about that.

Yea given this hasn’t come up and I don’t really have a use case I’m just going to pause on it for now.

Would this apply to testing multiple environments/deployments/url’s … and not wanting the cookies to ‘bleed’ between them?

It mainly applies to like:

require "http"

cookies = HTTP::Cookies.new

cookies << HTTP::Cookie.new "name", "foo"
cookies << HTTP::Cookie.new "name", "bar", path: "path"

cookies["name"].value # => "bar"

Of which, would end up only setting the 2nd cookie in the browser.

I find it quite insane that the specification even allows this.

It’s actually really great for microservice architectures implemented via layer-7 load balancing (such as an ALB or K8s Ingress resource).

For example, if https://example.com/a and https://example.com/ routed to two different services, allowing multiple cookies to be set with the same name at different paths means that the two services don’t need to coordinate in order to avoid naming collisions.

I think I misread the first post. :blush:

I read it as “allows with the same name and same path”

And thats the reason I don’t do software for planes or medical devices :slight_smile: